From 2fb69179cdabbf93628be2a8ad1845688193669c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Mar 2016 00:08:35 +0100 Subject: [PATCH] scrypt: zeroize the temporary output buffer --- .../scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c index 94eb7d99..4b3b80aa 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c @@ -193,6 +193,7 @@ crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryp if (escrypt_init_local(&escrypt_local) != 0) { return -1; /* LCOV_EXCL_LINE */ } + memset(wanted, 0, sizeof wanted); if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen, (const uint8_t *) str, (uint8_t *) wanted, sizeof wanted) == NULL) {